Lucene search
+L

40 matches found

CNNVD
CNNVD
added 2023/07/20 12:0 a.m.23 views

OpenAM 授权问题漏洞

OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. An authorization issue vulnerability exists in Open Access Management OpenAM versions 14.7.2 and earlier, which stems from an...

9.8CVSS8.4AI score0.01022EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2023/06/26 8:0 a.m.12 views

openaccess.inist.fr Cross Site Scripting vulnerability OBB-3471063

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS5.2AI score0.02169EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.7 views

PT-2022-26919 · Jenkins · Jenkins 360 Fireline Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins 360 FireLine Plugin versions 1.7.2 and earlier Description: The issue concerns the Jenkins 360 FireLine Plugin, which programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived...

5.3CVSS5AI score0.00617EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/04/05 7:55 p.m.28 views

CVE-2022-23974 Pinot segment push endpoint has a vulnerability in unprotected environments

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...

7.6AI score0.01996EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/11/05 12:0 a.m.8 views

PT-2021-21854 · Meross · Meross Smart Wi-Fi 2 Way Wall Switch

Name of the Vulnerable Software and Affected Versions: Meross Smart Wi-Fi 2 Way Wall Switch MSS550X versions 3.1.3 and earlier Description: The issue allows a remote attacker to obtain the Wi-Fi SSID and the password configured by the user from the Meross app via an Http/JSON plain request. This ...

7.4CVSS6.4AI score0.00703EPSS
Exploits0References3
NVD
NVD
added 2021/05/13 4:15 p.m.18 views

CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS0.02169EPSS
Exploits0References9
OSV
OSV
added 2021/05/13 4:15 p.m.2 views

DEBIAN-CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS5.6AI score0.02169EPSS
Exploits0References1
OSV
OSV
added 2021/05/13 4:15 p.m.11 views

CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS6.1AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2021/05/13 4:15 p.m.32 views

CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

5.3CVSS6.1AI score0.02169EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/05/13 3:10 p.m.30 views

CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...

6.3AI score0.02169EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/05/02 12:0 a.m.5 views

PT-2021-4054 · Prosody +2 · Prosody +2

Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9 Description: The issue is related to the proxy65 component of the Prosody server for Jabber/XMPP, which allows open access by default. This can be exploited by a remote attacker to cause a denial of service,...

7.8CVSS7.6AI score0.04563EPSS
Exploits2References64
CNVD
CNVD
added 2021/03/02 12:0 a.m.8 views

EPrints Cross-Site Scripting Vulnerability

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the dataset parameter of the cgi/datasetdictionary URI in EPrints 3.4.2. No detailed vulnerability details are provide...

6.1CVSS6.1AI score0.03072EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

EPrints 安全漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...

9.8CVSS6AI score0.03057EPSS
Exploits1References3
Schneier on Security
Schneier on Security
added 2018/11/09 12:4 p.m.24 views

Privacy and Security of Data at Universities

Interesting paper: "Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2018/05/25 12:41 a.m.27 views

Mail.ru: Получаем все домены и поддомены icq с помощью amazonaws.com [config,txt]

Открытый доступ к config.txt на амазоне где лежат все ваши домены и поддомены "api.icq.net": "api.ic2ster.com", "bos.icq.net": "bos.ic2ster.com", "api.login.icq.net": "apilogin.ic2ster.com", "icq.com": "www.ic2ster.com ", "www.icq.com ": "www.ic2ster.com ", "files.icq.com": "files-com.ic2ster.com...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2013/01/13 6:10 a.m.16 views

RIP Aaron Swartz, A legendary Internet Activist

Aaron Swartz has committed suicide on January 11, 2013 in New York City. I have long been fought if you write something about this extraordinary boy, but not dedicate a tribute would be a shame. Aaron Swartz has decided to leave a huge void in the IT scenario. For me, as the entire world he is a...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2012/08/01 2:29 a.m.11 views

Verizon Settles with FCC for $1.25 Million Over Tethering Block

In an unprecedented move, the Federal Communications Commission ended a 10-month investigation of Verizon Wireless with a $1.25 million settlement for restricting Android customer access to “tethering” software used to relay Internet signals to other devices. The federal probe was launched after...

Exploits0References2
The Hacker News
The Hacker News
added 2011/07/21 9:20 p.m.2 views

Harvard researcher arrested on hacking charges

Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2011/07/21 9:20 p.m.10 views

Harvard researcher arrested on hacking charges

Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...

7.4AI score
Exploits0
Rows per page
Query Builder